#! /bin/sh # $Header: /var/cvsroot/gentoo-x86/mail-mta/qmail/files/mkservercert,v 1.2 2004/07/18 03:29:51 dragonheart Exp $ # Self-signed certificate generator for Qmail under Gentoo # Robin H. Johnson - October 17, 2003 # Based on mkimapdcert from courier-imap. test -x /usr/bin/openssl || exit 0 source /sbin/functions.sh filedir="/var/qmail/control" pemfile="${filedir}/servercert.pem" randfile="${filedir}/servercert.rand" conffile="${filedir}/servercert.cnf" # file details for pemfile mode="0640" uid="qmaild" gid="qmail" # expire on certifcate days="365" if test -f $pemfile then eerror "$pemfile already exists." exit 1 fi ewarn "Please customize ${conffile} before continuing!" einfo "Press ENTER to continue, or CTRL-C to stop now." read # setup the temp file cp /dev/null $pemfile chmod 600 $pemfile chown root $pemfile cleanup() { rm -f $pemfile rm -f $randfile exit 1 } dd if=/dev/urandom of=${randfile} bs=64 count=1 2>/dev/null chmod 600 ${randfile} einfo "Creating self-signed certificate" /usr/bin/openssl req -new -x509 -days ${days} -nodes \ -config ${conffile} -out $pemfile -keyout $pemfile -rand ${randfile} || cleanup einfo "Certificate details" /usr/bin/openssl x509 -subject -dates -fingerprint -noout -in $pemfile || cleanup chown ${uid}:${gid} ${pemfile} chmod ${mode} ${pemfile} #qmail needs an extra item ln -s ${pemfile} ${filedir}/clientcert.pem rm -f $randfile